I stopped a phishing scam, but got defrauded myself first.

Let's start at the beginning

This whole fraud story revolves around domain registration and website-related stuff, but I promise it applies to you even if you have no idea what a domain or a website is.

Basically, what happened was that my account at GoDaddy was compromised. Someone had gained unauthorized access and started purchasing domains on my linked credit card.

My Credit card company helps with notifications

My Capital One credit card sends me email and SMS alerts on ALL transactions, no matter how small. This is something I wanted because the default alerts for higher-value transactions are great, but what if someone kept charging smaller amounts? I wouldn’t notice this fraud until my statement came in.

When the first one came through, I didn’t think much of it. I have a domain that was due to auto-renew in September, and thought that was just my idolizedhosting.com domain renewing. Awesome, autopilot is great.

However, the next day I got another notice that a similar transaction had been placed. Now I know for a fact that there are NOT 2 domains that I own expiring in September, so I jump online and log in to my account, with my obviously weak password. What do I find but a few changes to my account. I immediately call GoDaddy as I want this fixed, or at least on record, RIGHT AWAY.

GoDaddy stepped up with excellent customer service.

As I’m dialing, I changed my password to something a lot more complex (this is definitely my bad for not updating my password more often).

While I’m on the phone, the agent and I are checking out my profile and notice a few things that this person has changed.

My email address (looks like he actually used his real email address). Amateur.

My home phone number (again, it looks like it’s a real number in Great Britain). I should call him up.

My work number (again, a valid yet different number). Did he put his real work number??

What Did He Buy? and what was he going to do?

Phishing Scammer

So 2 domains were purchased (In my name… remember this)

One was related to databases, with some hyphens. Perhaps he was going to use this for storing captured data? I’m not sure.

The second one is what was interesting: a domain that was something like Paypalaccontinfo.some TLD. I’m not going to put the real URL because, well, that’s not good.
Notice "Accont", not "account". This is very common in phishing scams (read my article on phishing scams here).
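The misspelling trick described above can be checked for mechanically. The following is an added example, not code from the original post: it scans a registered domain name for exact or one-edit-off copies of watch words. The watch-word list, the function names and the `.example` domain (built from the post's approximate spelling) are assumptions.

```python
# Added example: flag domains that embed a brand or a near-miss spelling of a
# sensitive word. Names, watch words and sample domains are constructed.

WATCHWORDS = ("paypal", "account", "login")  # assumed watch list


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def lookalike_findings(domain, watchwords=WATCHWORDS):
    """Return (kind, watchword, matched_text) tuples for one registered domain.

    Assumes input of the form label.tld; hyphens are ignored so that
    hyphen-split words are still seen.
    """
    label = domain.lower().split(".")[0].replace("-", "")
    findings = []
    for word in watchwords:
        if word in label:
            findings.append(("exact", word, word))
            continue  # skip typo search: substrings of an exact hit are noise
        seen = set()
        # A one-edit typo changes the length by at most one character.
        for size in (len(word) - 1, len(word), len(word) + 1):
            for start in range(len(label) - size + 1):
                window = label[start:start + size]
                if window not in seen and edit_distance(window, word) == 1:
                    seen.add(window)
                    findings.append(("typo", word, window))
    return findings


if __name__ == "__main__":
    for d in ("paypalaccontinfo.example", "idolizedhosting.com"):
        print(d, lookalike_findings(d))
```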

The What If’s are the scary part.

Basically, what this person could have done is set up a PayPal clone site that shows the PayPal login box you are familiar with. Once you enter the information required to log in to a PayPal account, it will then store your information somewhere. I’m assuming the database-related URL. If a phishing scammer has a website up, it usually doesn’t last long and gets taken down. Once it’s taken down, that person would lose any data saved on that server; however, if they had some random database-related domain on a different server to store the data, they would be able to get all the stolen information.

Now remember this was on my account? I said this was important. Paypalaccontinfo is registered to yours truly. Who do you think they’re going to come calling on at this point? See my issue now?

What Happens now?

GoDaddy was extremely helpful. I honestly cannot say enough about them. I have been a member since 2003 and have yet to have a bad experience with them. I deal with some other registrars for the hosting side of this company; however, GoDaddy just has excellent customer service whenever I have to call (which isn’t often).

The agent immediately took action and started the cancellation of the domains. She knew exactly which ones were in question (as they were two days old), and within minutes I started seeing them disappear from my account. Refunds were issued at the same time, with no credit card dispute needed.

I have only one refund right now (currently only 3 days since the issue), but I don’t see why the other won’t come shortly.

I also have 60 days to file a dispute with my credit card company, but I don’t think it will ever come to that.

Once all this was completed, she looked over my whole account and corrected anything with me at the time.

Protecting my customers from fraud as well

I also asked her to look at accounts I have been granted access to maintain for my customers. I do not have (and never want) purchasing access on these user accounts; I take access for the sole purpose of management and reminding my customers that their domain is coming up for renewal.

She also made sure no one was given access to manage my account (which would have been a sly thing to do).

Afterwards I went and checked all my domains and made sure none of the contact information was changed in the registry. All was OK.

Finally, I turned on 2-step authentication for my GoDaddy account. Basically, whenever I log in (or someone else tries to) I will get a text message with a code. You cannot log in without this code. So essentially I now have an SMS alert that someone’s trying to log in to my account. Win-win.

What can you do to protect yourself from fraud?

Securing yourself Online

There are some simple steps to help protect yourself. Here are some that you can start with RIGHT NOW.

Turn on 2-step authentication on any online accounts that offer it. You can use an authentication app on your phone, or opt to have an SMS alert with a code sent to you.

If you purchase online with your credit card, check with the card company to see if you can set up alerts. My credit card company allows SMS and emails right on their website control panel. If your card doesn’t have an online portal, call them up and ask them.

Use STr0n_g3r_PassW0rd5 (Stronger passwords). Change them often. I know it sounds like a hassle, but honestly you don’t want your information out there for the taking.

Don’t use the same passwords on all your sites, ESPECIALLY FINANCIAL sites. If you have a hard time remembering all these different passwords, there are some apps that can store them all for you. One I use for iOS is “Photo Vault-Secret Manager LS”; this was written by an IT manager. It’s local to your device and doesn’t store anything on a server somewhere. It can store photos, videos, contacts, notes and passwords. The app is then locked via fingerprint or passcode / password. I suggest you download it and try it out... did I mention it’s free?